Arcade Village Blog

WordPress hacked for the last time!

2019-06-24 PHP
Every owner of a WordPress-based site experiences, at least once, an attack by hackers who redirect articles or menus to commercial sites.
This situation is painful and does not seem to improve despite the new versions.
So, what are the advantages and disadvantages of WordPress, and what solution did I find following the last attack I suffered?

The disadvantages


- 60% of blogs use WordPress, according to their estimate, and the source code of WordPress is easy to read. These two features attract hackers, who can find a way in and infect a large number of sites (my site was part of a batch of 100,000 hacked sites) for a minimum of work.
- WordPress sites are usually heavy and not very optimized. This leads to quite long page loading times on a slow internet connection or a smartphone, yet smartphones are becoming the main way people browse the web.
- WordPress uses plugins, small building blocks of code written by independent people, which are another gateway for hackers.

Advantages


- With WordPress, there is no need for software engineers. Some basic notions are enough to create a simple site.
- Most sites follow the same structure. So why redo what already exists? That is what the countless WordPress-compatible plugins offer.
- WordPress allows graphic designers without computer skills to sell websites.
- WordPress provides a very powerful word processor for writing articles. It lets you update the site on your own, even if a third party created it for you. This word processor alone is a valid reason to use WordPress.

My particular case


I use WordPress as a complement to my sites to add blogs or news pages. I just need to post the articles. So I created a PHP class to display WordPress articles on my sites, and I continue to use the word processor to update them.

How articles are kept in WordPress


The key to WordPress is the wp_posts table, which contains all the parameters and the contents of the articles. To display the articles of the site, we need only a few fields of this table:
- ID is the internal number of the article.
- post_author is the identifier of the author in the users table. I do not use it.
- post_title is the title of the article.
- post_date is the date of the article. The table also contains the creation date, which I do not use. Each date field is paired with a date_gmt field that does not interest me either.
- post_type is the type of post. For WordPress, everything is an article: news, pages or even images. We are only interested in news, whose post_type column contains the value 'post'.
- post_status is the status of the article. WordPress keeps revisions and automatic backups in the wp_posts table as well, so we only take into account published articles, i.e. those whose post_status column contains the value 'publish'.

The CCWPAccess class


This class offers two features:
- View the list of the latest articles.
- View an article.
The CCWPAccess class needs two parameters to be instantiated:
- $prefix_table: when WordPress is installed, the same prefix is placed at the beginning of the name of every table.
- $format_date: the format used to display dates.
I could have written routines to read this information from WordPress (the file wp-config.php), but my goal is not to use its code.
The class provides a loadPost function that loads the article, and functions to display it (getTitle(), getDate(), getContent()).
It offers another interesting function: getNews($bdd, $limit = 10).
This function loads the useful information (id, title, date) of the last $limit articles into an array of CCWPAccessItem objects.
The displayList function displays them, and the getLastID() function returns the ID of the latest article.

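<?php

// One entry of the news list: id, title and date of a post.
class CCWPAccessItem
{
    public $id = -1;
    public $title;
    public $pdate;

    // Fill the item from a row fetched from the posts table.
    function fromFetch($r)
    {
        $this->id = (int) $r["ID"];
        $this->title = $r["post_title"];
        $this->pdate = $r["post_date"];
    }
}

class CCWPAccess
{
    public $id = -1;
    public $title;
    public $pdate;
    public $content;
    public $tprefix;
    public $dformat;
    public $news;
    public $idmax; // Used to display the latest news item.

    function __construct($prefix_table, $format_date)
    {
        // The prefix becomes part of a table name and cannot be bound as a
        // query parameter, so only letters, digits and underscores are accepted.
        if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix_table))
        {
            throw new InvalidArgumentException("Invalid table prefix");
        }
        $this->tprefix = $prefix_table;
        $this->dformat = $format_date;
        $this->news = array();
    }

    // Load one published post by its ID.
    function loadPost($bdd, $id)
    {
        // The id comes from the URL: bind it as an integer instead of
        // concatenating it into the SQL text. Only published posts are loaded.
        $s = "select post_title,post_date,post_content from ".$this->tprefix."posts"
            ." where ID = ? and post_type = 'post' and post_status = 'publish'";
        $id = (int) $id;
        $q = mysqli_prepare($bdd, $s);
        mysqli_stmt_bind_param($q, "i", $id);
        mysqli_stmt_execute($q);
        $res = mysqli_stmt_get_result($q);
        if ( $r = mysqli_fetch_array($res) )
        {
            $this->id = $id;
            $this->title = $r["post_title"];
            $this->pdate = $r["post_date"];
            $this->content = $r["post_content"];
        }
        mysqli_stmt_close($q);
    }

    function getTitle()
    {
        return $this->title;
    }

    function getDate()
    {
        return date($this->dformat, strtotime($this->pdate));
    }

    // post_content is returned as stored (WordPress saves it as HTML).
    function getContent()
    {
        return nl2br($this->content, false);
    }

    // Load id, title and date of the $limit most recent published posts.
    function getNews($bdd, $limit=10)
    {
        $this->news = array();
        $this->idmax = -1;
        $s = "select ID,post_title,post_date from ".$this->tprefix."posts"
            ." where post_type = 'post' and post_status = 'publish'"
            ." order by post_date desc limit 0,?";
        $limit = (int) $limit;
        $q = mysqli_prepare($bdd, $s);
        mysqli_stmt_bind_param($q, "i", $limit);
        mysqli_stmt_execute($q);
        $res = mysqli_stmt_get_result($q);
        while ( $r = mysqli_fetch_array($res) )
        {
            if ( $this->idmax == -1 ) $this->idmax = (int) $r["ID"];
            $pi = new CCWPAccessItem();
            $pi->fromFetch($r);
            $this->news[] = $pi;
        }
        mysqli_stmt_close($q);
    }

    function getLastID()
    {
        return $this->idmax;
    }

    // Print one link per loaded item: <page><id>.<extension>
    function displayList($page, $extension)
    {
        foreach ( $this->news as $pi )
        {
            // Escape the title; the last argument avoids double-encoding entities.
            $title = htmlspecialchars($pi->title, ENT_QUOTES, "UTF-8", false);
            echo "<a href=\"".$page.$pi->id.".".$extension."\">"
                .date($this->dformat, strtotime($pi->pdate))." ".$title."</a>\n";
        }
    }

}

?>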

Here's an example of a page displaying the latest article (or an article defined by the id parameter) followed by the list of articles:

<?php
include("cc_wpaccess.php");

$bdd=connect(); // connect() and disconnect() are the site's own helpers (not shown here)
$wp = new CCWPAccess("wp_","d/m/Y");

$wp->getNews($bdd,5); // get the list of the five latest posts

// If a numeric id is specified, show that post
$idn = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
if ( $idn === null || $idn === false )
    $idn = $wp->getLastID(); // otherwise show the latest post
$wp->loadPost($bdd,$idn);

// Show the post
echo "<h2>".htmlspecialchars((string) $wp->getTitle(), ENT_QUOTES, "UTF-8", false)."</h2>";
echo "\n".$wp->getDate()."\n";
echo $wp->getContent();

disconnect($bdd);

// Propose the list
echo "<h2>Other news</h2>";
echo "\n";
$wp->displayList("news","html");
echo "\n";
?>

My website is simple: a banner with the articles below it. This class and some notions of CSS are more than enough to make a nice site, and the display is completely disconnected from WordPress.
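Because getContent() prints post_content as it is stored, markup written into wp_posts during a compromise would still reach visitors through this class. The check below is an added example, not part of the original class: the function name auditPostContent, the host allow-list and the sample rows are assumptions constructed for illustration, and it requires PHP's DOM extension.

```php
<?php
// Added example: audit post_content before display. Sample rows are constructed.

/**
 * Return the reasons a post's HTML looks tampered with (empty array = clean).
 * $allowedHosts is a hypothetical allow-list of hosts the site may link to.
 */
function auditPostContent(string $html, array $allowedHosts): array
{
    $findings = [];
    if (trim($html) === '') {
        return $findings;
    }
    $previous = libxml_use_internal_errors(true); // tolerate sloppy markup
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // Active content has no place in a plain news article.
    foreach (['script', 'iframe', 'object', 'embed'] as $tag) {
        if ($doc->getElementsByTagName($tag)->length > 0) {
            $findings[] = "contains <$tag>";
        }
    }
    // Links whose host is not on the allow-list; relative links have no host.
    foreach ($doc->getElementsByTagName('a') as $a) {
        $host = parse_url($a->getAttribute('href'), PHP_URL_HOST);
        if (is_string($host) && !in_array(strtolower($host), $allowedHosts, true)) {
            $findings[] = "link to unlisted host $host";
        }
    }
    return $findings;
}

// Constructed rows shaped like the wp_posts columns used by CCWPAccess.
$rows = [
    ['ID' => 1, 'post_content' => '<p>See <a href="/news2.html">this</a>.</p>'],
    ['ID' => 2, 'post_content' => 'Hi <script src="https://cdn.example.net/x.js"></script>'
        . '<a href="https://shop.example.org/">deal</a>'],
];
foreach ($rows as $r) {
    $found = auditPostContent($r['post_content'], ['www.example.com']);
    echo $r['ID'], ': ', $found ? implode('; ', $found) : 'ok', "\n";
}
```

Run against the rows returned by a query on wp_posts, a non-empty result is a reason to review the article in the WordPress editor before it is shown.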


ArcadeVillage.com 1999 - 2024